similar to: OpenSSH and OpenSSL 0.9.7.e with FIPS

Hi, Is FIPS 140-2 patch for openssh 6.3.p1 available somewhere or do I have to make one using http://www.openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch ? Regards, Manish

Hi, Here is FIPS 140-2 patch for OpenSSH 6.5p1. Since our expertise in OpenSSH code is limited, request moderators to validate this patch and update as required. Regards, Manish Jagtap

Greetings. (Third try at sending this, the first two seemed to disappear without a trace. Perhaps use of MS Outlook was the problem, even though in plain text...? Or attachment too big (22Kb)? Would like to know...) The final source code and documentation package for a FIPS 140 validated mode of OpenSSL was recently submitted. Once the final certification is awarded by NIST, in a month or

A negated subject search on an empty folder causes an assertion failure in doveadm. To reproduce: bash-3.2# doveadm mailbox create -u ephraim "Freshly Empty" bash-3.2# doveadm search -u ephraim mailbox "Freshly Empty" NOT subject '***JUNK MAIL***' doveadm(ephraim): Panic: file mail-index-map.c: line 548 (mail_index_map_lookup_seq_range): assertion failed: (first_uid

FYI in order to get 2.1.1p2 to work on my HP-UX 11.0 systems I had to patch atomicio.c for EWOULDBLOCK (HP read() does not give the POSIX return code). The new atomicio() is a clean fix for this timing problem; all it needs now is this one little tweak. Also had the "General Commercial Security" error (PAM_TERM_ERROR from pam_acct_mgmt()) which I have very crudely addressed for now by

First the bug: I've found a timing problem in 2.1.1p1 at the point where the client version string is read, a core dump with a "Did not receive ident string..." error. This problem does not appear to have been mentioned yet in the list archive. This bug was noted on HP-UX 11.0 but could be a problem on other Unices as well. My Q&D fix (patch below) was to spin on EWOULDBLOCK

Excerpt: The OpenSSL project said it plans to release new versions of its code to fix a number of security weaknesses, including some classified as ?high? severity. <...> The patch is likely to set off a mad scramble by security teams at organizations that rely on OpenSSL. That?s because security updates ? particularly those added to open-source software like OpenSSL that anyone can view ?

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

Hi Jean Marc & List, So I have been fiddling with the denoiser (again). While poking around I noticed that nb_preprocess is basically a counter that is mod-ded with 100 (the default), which causes Smin[] to be re- seeded with the value in Stmp[] (min of the previous adaptation period). Smin[] is then used to update the noise probability, which is (probably) less likely when adaptation

Can interested users please test the latest snapshot at http://www.mindrot.org/misc/junk/openssh-SNAP-2000071102.tar.gz It contains quite a few fixes for small problems that have been reported in the last few weeks. Pending feedback it is going to become 2.1.1p3 Regards, Damien Miller --------------- Changelog: 20000711 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson

http://bugzilla.mindrot.org/show_bug.cgi?id=1024 Summary: SSHD fails to connect when "UsePAM and UseLogin" is yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Hi Tom, Of course the current tuning of the denoise is approximative and could probably be improved... That being said, the modulo 100 isn't the adaptation time itself, but rather the window over which to look for minima. The main idea is this: if the power in a certain bin isn't too much higher than the minimal value for a certain window, then we can adapt the noise estimate. The

http://bugzilla.mindrot.org/show_bug.cgi?id=1030 Summary: sshd writes twice to wtmp when "UseLogin" is yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Hi all, I recently started with Xen (3.1.0) on my new server running Ubuntu Gutsy (7.10) and I''m experiencing very poor network performance on my domU''s. Since my colo provider offers me a /28 of routed public IPs next to one interconnection IP to their routers, I built a Xen configuration as described in http://www.debian-administration.org/articles/360 (a routed

Using Digium fax I've tried a simple dialplan: '8447' => 1. Answer() [pbx_config] 2. Set(CALLERID(num)=xxxyyyzzzz) [pbx_config] 3. Dial(DAHDI/g0/1bbbcccdddd,,G(send)) [pbx_config] [send] 4. SendFax(/var/spool/asterisk/fax/20090922_1301.tif) [pbx_config] 5. HangUp() But I doesn't work. It executes

For our internal fax machines, I'm checking if the faxes are going to branch offices. If they are, I want to capture and email them to the branches. I've set up extension 8447 to test this. A fax machines is connected via an SPA 2102 on 173. Any calls from 173 are sent to: [outbound-fax] exten => 8447,1,Answer() exten => 8447,n,GoSub(Capture-Fax,s,1) exten

http://bugzilla.mindrot.org/show_bug.cgi?id=1087 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Group|Portable OpenSSH | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

On 12/04/2015 10:02 PM, security veteran wrote: > Hi Jakub, > > Another question I have is, are there any changes in this patch RedHat > Linux distribution specific? The reason I ask is, if I port the changes to > other Linux distribution like Debian or Ubuntu, do you see any issues? I don't think there is something distro-specific. Distro specific parts are handled in other